ansible/roles/configure-nginx/templates/backend-nginx.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

server {
    server_name {{ hostname }};
    root {{ web_root }}/{{ hostname }};
    charset utf-8;

    access_log /var/log/nginx/{{ hostname }}-access.log;
    error_log /var/log/nginx/{{ hostname }}-error.log;

    if ($host != "{{ hostname }}") {
        return 403;
    }

    location / {
        if (-f $document_root/maintenance.html) {
            return 503;
        }

        autoindex off;
        index index.html;
    }

    error_page 503 @maintenance;
    location @maintenance {
        rewrite ^(.*)$ /maintenance.html break;
    }

    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires 150d;
        add_header Pragma public;
        add_header Cache-Control "public";
    }

    location ~* /(?:(count|job|defconfig|boot|token|batch|bisect|lab|version)(.*)(?!(\.(html?|json|css|js|png|jpe?g|ico))))$ {

        if (-f $document_root/maintenance.html) {
            more_set_headers "Content-Type: application/json; charset=UTF-8";
            return 503 '{"code": 503, "reason": "Service maintenance."}';
        }

        # Proxy cache, disabled for now.
        # proxy_cache BACKEND;
        # proxy_cache_key $proxy_host$uri$is_args$args;
        # proxy_cache_lock on;
        # proxy_cache_lock_timeout 2s;
        # proxy_cache_valid 3h;

        proxy_buffers 32 4k;
        proxy_buffer_size 8k;
        proxy_busy_buffers_size 64k;
        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
        proxy_connect_timeout 9s;
        proxy_send_timeout 9s;
        proxy_read_timeout 9s;
        proxy_pass http://backends;
    }
}